RedHatRHSA-2014:1037(RHSA-2014:1037) Moderate: cfme security and bug fix update
EPSS
Percentile
57.4%
Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.
It was found that the get and log methods of the AgentController wrote log
messages without sanitizing user input. A remote attacker could use this
flaw to insert arbitrary content into the log files written to by
AgentController. (CVE-2014-0136)
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
All users of Red Hat CloudForms 3.0 are advised to upgrade to these updated
packages, which correct these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | x86_64 | mingw32-cfme-host | < 5.2.5.3-2.el6cf | mingw32-cfme-host-5.2.5.3-2.el6cf.x86_64.rpm |
| RedHat | 6 | x86_64 | cfme-lib | < 5.2.5.3-2.el6cf | cfme-lib-5.2.5.3-2.el6cf.x86_64.rpm |
| RedHat | 6 | x86_64 | cfme-debuginfo | < 5.2.5.3-2.el6cf | cfme-debuginfo-5.2.5.3-2.el6cf.x86_64.rpm |
| RedHat | 6 | x86_64 | cfme | < 5.2.5.3-2.el6cf | cfme-5.2.5.3-2.el6cf.x86_64.rpm |
| RedHat | 6 | x86_64 | cfme-appliance | < 5.2.5.3-2.el6cf | cfme-appliance-5.2.5.3-2.el6cf.x86_64.rpm |
Related
